From 69a6612ea2c0a8a44304a95bb090bd0a1555673e Mon Sep 17 00:00:00 2001
From: Kevin Midboe
Date: Tue, 8 Apr 2025 21:47:53 +0200
Subject: [PATCH] kubernetes & drone CI files
---
 .drone.yml | 127 ++++++++++++++++++++++++++++++
 .kubernetes/0-namespace.yml | 5 ++
 .kubernetes/1-secret.yml | 13 +++
 .kubernetes/deployment.yml | 33 ++++++++
 .kubernetes/ghcr-token-secret.yml | 9 +++
 .kubernetes/ingress.yml | 19 +++++
 .kubernetes/service.yml | 19 +++++
 7 files changed, 225 insertions(+)
 create mode 100644 .drone.yml
 create mode 100644 .kubernetes/0-namespace.yml
 create mode 100644 .kubernetes/1-secret.yml
 create mode 100644 .kubernetes/deployment.yml
 create mode 100644 .kubernetes/ghcr-token-secret.yml
 create mode 100644 .kubernetes/ingress.yml
 create mode 100644 .kubernetes/service.yml
diff --git a/.drone.yml b/.drone.yml
new file mode 100644
index 0000000..6f672e3
--- /dev/null
+++ b/.drone.yml
@@ -0,0 +1,127 @@
+---
+kind: pipeline
+type: docker
+name: Build
+
+platform:
+ os: linux
+ arch: amd64
+
+steps:
+ - name: Install dependencies
+ image: node:22-alpine3.20
+ commands:
+ - yarn
+
+ - name: Lint project
+ image: node:22-alpine3.20
+ commands:
+ - yarn lint || true
+
+ - name: Build
+ image: node:22-alpine3.20
+ commands:
+ - yarn build
+
+---
+kind: pipeline
+type: docker
+name: Publish
+
+platform:
+ os: linux
+ arch: amd64
+
+steps:
+ - name: Publish to ghcr
+ image: plugins/docker
+ settings:
+ registry: ghcr.io
+ repo: ghcr.io/kevinmidboe/${DRONE_REPO_NAME}
+ dockerfile: Dockerfile
+ username:
+ from_secret: GITHUB_USERNAME
+ password:
+ from_secret: GHCR_UPLOAD_TOKEN
+ tags:
+ - latest
+ - ${DRONE_COMMIT_SHA}
+
+trigger:
+ event:
+ include:
+ - push
+ exclude:
+ - pull_request
+ branch:
+ - main
+
+depends_on:
+ - Build
+
+---
+kind: pipeline
+type: docker
+name: Deploy
+
+platform:
+ os: linux
+ arch: amd64
+
+steps:
+ - name: Prepare kubernetes environment
+ image: alpine/k8s:1.25.15
+ environment:
+ VAULT_TOKEN:
+ from_secret: VAULT_TOKEN
+ VAULT_HOST:
+ from_secret: VAULT_HOST
+ commands:
+ - mkdir -p /root/.kube
+ - echo "IMAGE=ghcr.io/kevinmidboe/${DRONE_REPO_NAME}:${DRONE_COMMIT_SHA}" > /root/.kube/.env
+ - echo "NAMESPACE=${DRONE_REPO_NAME}" >> /root/.kube/.env
+ - 'curl -s
+ -H "X-Vault-Token: $VAULT_TOKEN"
+ $VAULT_HOST/v1/schleppe/data/kazan/_infra
+ | jq -r ".data.data.KUBE_CONFIG" > /root/.kube/config'
+ - 'curl -s
+ -H "X-Vault-Token: $VAULT_TOKEN"
+ $VAULT_HOST/v1/schleppe/data/kazan/_infra
+ | jq -cr ".data.data | .[\"ghcr-login-secret\"] | @base64" > /root/.kube/dockerconfig.json'
+ - echo "DOCKER_CONFIG=$(cat /root/.kube/dockerconfig.json)" >> /root/.kube/.env
+ - 'curl -s
+ -H "X-Vault-Token: $VAULT_TOKEN"
+ $VAULT_HOST/v1/schleppe/data/kazan/${DRONE_REPO_NAME}
+ | jq -cr ".data.data | to_entries[] | .key + \"=\" + (.value | @base64)" >> /root/.kube/.env'
+ - sed -i '/^$/!s/^/export /' /root/.kube/.env
+ volumes:
+ - name: kube-config
+ path: /root/.kube
+
+ - name: Deploy to kubernetes
+ image: alpine/k8s:1.25.15
+ commands:
+ - source /root/.kube/.env > /dev/null 2>&1
+ - cat .kubernetes/*.yml
+ | envsubst
+ | kubectl --kubeconfig=/root/.kube/config apply -f -
+ volumes:
+ - name: kube-config
+ path: /root/.kube
+
+trigger:
+ event:
+ include:
+ - push
+ exclude:
+ - pull_request
+ branch:
+ - main
+
+depends_on:
+ - Build
+ - Publish
+
+volumes:
+ - name: kube-config
+ temp: {}
diff --git a/.kubernetes/0-namespace.yml b/.kubernetes/0-namespace.yml
new file mode 100644
index 0000000..4db1d8a
--- /dev/null
+++ b/.kubernetes/0-namespace.yml
@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: ${NAMESPACE}
diff --git a/.kubernetes/1-secret.yml b/.kubernetes/1-secret.yml
new file mode 100644
index 0000000..76e9718
--- /dev/null
+++ b/.kubernetes/1-secret.yml
@@ -0,0 +1,13 @@
+---
+apiVersion: v1
+kind: Secret
+type: Opaque
+metadata:
+ name: secret-env-values
+ namespace: ${NAMESPACE}
+data:
+ PROXMOX_URL: ${PROXMOX_URL}
+ PROXMOX_TOKEN: ${PROXMOX_TOKEN}
+ HOMEASSISTANT_URL: ${HOMEASSISTANT_URL}
+ HOMEASSISTANT_TOKEN: ${HOMEASSISTANT_TOKEN}
+ TRAEFIK_URL: ${TRAEFIK_URL}
diff --git a/.kubernetes/deployment.yml b/.kubernetes/deployment.yml
new file mode 100644
index 0000000..d8cd8f8
--- /dev/null
+++ b/.kubernetes/deployment.yml
@@ -0,0 +1,33 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ annotations:
+ deployment.kubernetes.io/revision: '1'
+ labels:
+ app: infra-map
+ name: infra-map
+ namespace: ${NAMESPACE}
+spec:
+ progressDeadlineSeconds: 600
+ replicas: 2
+ revisionHistoryLimit: 10
+ selector:
+ matchLabels:
+ app: infra-map
+ strategy:
+ type: RollingUpdate
+ template:
+ metadata:
+ labels:
+ app: infra-map
+ spec:
+ containers:
+ - image: ${IMAGE}
+ imagePullPolicy: IfNotPresent
+ name: infra-map
+ envFrom:
+ - secretRef:
+ name: secret-env-values
+ imagePullPolicy: IfNotPresent
+ restartPolicy: Always
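Review bot: In .drone.yml the `Publish to ghcr` step uses `image: plugins/docker` with no tag, so it floats on `latest` while being handed `GHCR_UPLOAD_TOKEN`; the other steps pin a version and this one should too, for example `image: plugins/docker:<version>@sha256:<digest>`. In the Deploy pipeline the three Vault reads use `curl -s` without `--fail`, so an HTTP error body is piped straight into jq and the first read would most likely write the literal `null` to `/root/.kube/config`; `curl -fsS` stops the step at the failing request instead. The last read writes Vault key names unescaped into a file that the next step `source`s with its output discarded, so the jq filter should keep only keys matching `[A-Za-z_][A-Za-z0-9_]*` and the `> /dev/null 2>&1` should go. `yarn lint || true` means the lint step can never fail the build.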
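Review bot: In .kubernetes/1-secret.yml every value under `data:` is an unquoted `${VAR}` filled in by `envsubst`, so a key that is absent from Vault renders as an empty value and the Secret is still applied, with no error at deploy time. The key list is hard-coded here while the pipeline exports whatever keys Vault returns, so the two can drift without anyone noticing. Quote the placeholders, e.g. `PROXMOX_TOKEN: "${PROXMOX_TOKEN}"`, and have the deploy step fail when an expected variable is unset; the same applies to `.dockerconfigjson: ${DOCKER_CONFIG}` in ghcr-token-secret.yml.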
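Review bot: In .kubernetes/deployment.yml the pod spec has no `imagePullSecrets`, although this patch creates `ghcr-login-secret` for exactly that purpose; unless the namespace's default service account is patched elsewhere, pulls of a private ghcr.io image will fail, and `imagePullSecrets:` with `- name: ghcr-login-secret` under the template `spec` would wire it up. `imagePullPolicy: IfNotPresent` appears a second time after `envFrom`; indentation is lost in this rendering, so it is either a duplicate key on the container or a field that does not exist on the pod spec, and it should be dropped either way. The container receives the Proxmox and Home Assistant tokens through `envFrom` but sets no `securityContext`; consider `runAsNonRoot: true` and `allowPrivilegeEscalation: false`, along with resource limits.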
diff --git a/.kubernetes/ghcr-token-secret.yml b/.kubernetes/ghcr-token-secret.yml
new file mode 100644
index 0000000..68fe67c
--- /dev/null
+++ b/.kubernetes/ghcr-token-secret.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: ghcr-login-secret
+ namespace: ${NAMESPACE}
+data:
+ .dockerconfigjson: ${DOCKER_CONFIG}
+type: kubernetes.io/dockerconfigjson
diff --git a/.kubernetes/ingress.yml b/.kubernetes/ingress.yml
new file mode 100644
index 0000000..5cf4803
--- /dev/null
+++ b/.kubernetes/ingress.yml
@@ -0,0 +1,19 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: infra-map-ingress
+ namespace: ${NAMESPACE}
+spec:
+ ingressClassName: traefik
+ rules:
+ - host: infra.kazan.schleppe.cloud
+ http:
+ paths:
+ - backend:
+ service:
+ name: infra-map-service
+ port:
+ number: 80
+ path: /
+ pathType: Prefix
diff --git a/.kubernetes/service.yml b/.kubernetes/service.yml
new file mode 100644
index 0000000..8bef88a
--- /dev/null
+++ b/.kubernetes/service.yml
@@ -0,0 +1,19 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app: infra-map
+ name: infra-map-service
+ namespace: ${NAMESPACE}
+spec:
+ ports:
+ - port: 80
+ protocol: TCP
+ targetPort: 3000
+ selector:
+ app: infra-map
+ sessionAffinity: None
+ type: ClusterIP
+status:
+ loadBalancer: {}
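Review bot: The Ingress in .kubernetes/ingress.yml declares no `tls:` block for `infra.kazan.schleppe.cloud`, so as written it only requests plain-HTTP routing; whether HTTPS is enforced depends on Traefik entrypoint configuration that is not part of this patch. Making it explicit under `spec` with `tls:`, `- hosts: [infra.kazan.schleppe.cloud]` and `secretName: <tls-secret-name>` keeps the transport guarantee in the manifest. The backend is configured with Proxmox and Home Assistant tokens and nothing here puts authentication in front of it, so confirm the app authenticates requests itself or attach an auth middleware through the `traefik.ingress.kubernetes.io/router.middlewares` annotation.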
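Review bot: The trailing `status:` / `loadBalancer: {}` block in .kubernetes/service.yml is server-populated output, presumably left over from an exported manifest, and should not be in a file that is applied; remove it. The same export residue shows in deployment.yml's `deployment.kubernetes.io/revision: '1'` annotation, which the Deployment controller manages itself.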